Subscription to the full report on a daily basis can be obtained:
Send an eMail to dhsdailyadmin@mail.dhs.osis.gov with the subject "DHS Daily Open Source Infrastructure Report" and the following line in the body...subscribe.
To obtain a complete copy of the current report proceed to the DHS link below.
To obtain reports more than 10 business days old, send an eMail to DHS_Reports@e-computer-security.com. Be specific as to the reports you wish to receive.

Thursday, May 22, 2008

Daily Report

• According to the Washington Post, a GAO report released Wednesday found that the Tennessee Valley Authority is vulnerable to cyber attacks that could sabotage critical systems that provide electricity to more than 8.7 million people. This is due to the TVA’s Internet-connected corporate network being linked with systems used to control power production. (See item 2)

• KGO 7 San Jose reports that the Communication Workers Union will allow their workers to honor the picket lines of janitors protesting high tech Bay Area companies, potentially delaying the installation and repair of data telephone and fiber optic lines. (See item 39)

Information Technology

36. May 21, Register – (International) Mass SQL injection hits English language websites. Thousands of websites in China have been booby trapped with code written to download Trojan software onto visitors who run vulnerable Windows PCs. Unlike earlier rounds of SQL injection attacks the latest assaults mostly target English language sites (predominantly sites hosted in China but with a .com suffix) and purposefully avoid Chinese government sites, according to net security firm ScanSafe. The latest attacks inject an iFrame onto compromised sites that loads malicious scripts from qiqigm.com, a domain registered on 16 May. These scripts include the text “silent love china” in an apparent greeting to other Chinese hackers. The malicious code exploits well-known RealPlayer and Internet Explorer vulnerabilities to install a password-stealing Trojan that hides its presence on Windows PCs. More than 7,000 sites have been compromised in this way, reports ScanSafe’s senior security researcher. English language Hong Kong stock brokerage kgieworld.com and Kodak camera reviews at digitalcamerareview.com are among the sites hit by the drive-by download attack. The attacks are the latest in a wave of SQL injection attacks against websites that began this month. More than one group, using different sets of tools to inject attack code, is involved, according to F-Secure. The net security firm Trend Micro says two exploits used in the latest SQL injection attacks are related to Chinese-language software, suggesting miscreants are specifically targeting the Chinese speaking world. Source: http://www.theregister.co.uk/2008/05/21/china_sql_injection_attack/

37. May 20, Agence France-Presse – (International) IT chiefs warn of cyber-terrorism threat. The threat of cyber-terrorism is growing and most countries are vulnerable to attacks that can shut down critical infrastructure, global experts told a conference here Tuesday. “The hard reality is that (information technology) has become a tool for cybercrime and cyberterrorism,” said a representative from the United Nations’ International Telecommunications Union. “Cybersecurity must be the cornerstone of every aspect of keeping ourselves, our countries and our world safe,” he told the conference, which the Malaysian hosts are billing as the first on cyber-terrorism and security. The U.N. official dismissed as a dangerous myth the idea that events in the virtual world have only a limited impact on the physical world, saying that technology has “changed the dynamics of terrorism.” Small groups or even individuals are capable of gaining control of millions of computers, “which can be used, for instance, to launch denial-of-service attacks on a nation’s critical infrastructure,” he said. Malaysia said it was launching a global center to combat cyber-terrorism which will provide emergency response to high-tech attacks on economies and trading systems worldwide. The center, which is expected to be built by the end of the year at the nation’s IT hub of Cyberjaya, south of Kuala Lumpur, will be funded by governments and the private sector. Source: http://news.yahoo.com/s/afp/20080520/tc_afp/malaysiaattacksinternet

38. May 20, Computerworld – (National) Phishers point scam at Apple’s iTunes. Phishers have targeted users of Apple Inc.’s iTunes music store with sophisticated identity theft attacks for the first time, a security company said today. People began receiving spam messages yesterday telling them that they must correct a problem with their iTunes account, said an executive at e-mail security vendor Proofpoint Inc. A link in the spam leads to a site posing as an iTunes billing update page, which asks for information, including credit card number and security code, Social Security number and mother’s maiden name. The theft attempt is a new twist on the usual phishing attack, he said. “We’ve gotten used to seeing the usual companies and brands attacked,” he said, “like PayPal, eBay and Citibank. But we’ve never seen Apple as the target.” He also speculated that the identity thieves aimed the new attack at iTunes users because of the service’s perceived demographics. “I wonder if the bad guys are thinking that [iTunes users] are younger than those for some of the other phished sites, like banks and eBay,” he said. “The way that teenagers and young adults use the Internet, they show a certain level of trust or openness when they post their name and age and school on MySpace.” Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9087358&source=rss_news10

Communications Sector

39. May 20, KGO 7 San Jose – (California) Janitors picket Silicon Valley companies. Thousands of janitors working at the biggest Silicon Valley companies began picketing some of the signature buildings in the Silicon Valley and the Bay Area Tuesday, demanding that the tech leaders help the janitors make a livable wage. An estimated 6,000 union workers voted to strike after rejecting the latest offer from their companies. Janitors were said to be walking out of Hewlett Packard and Oracle buildings. There were no new negotiations as of Tuesday, and Teamsters refused to cross the lines in order to pick up the trash at Cisco. On Saturday, more than 6,000 members of the Service Employee International Union voted to walk out of bio tech and high tech buildings all over the Bay Area. The dispute is over health care co-payment increases and a raise. The strike began Tuesday at Yahoo and Cisco and is expected to spread throughout the Bay Area. Cisco representatives issued a statement: “Please note that this is a contract dispute between a third-party service provider and its employees. This is not a dispute between Cisco and its employees.” The Communication Workers Union said they will allow their workers to honor the picket lines, potentially delaying the installation and repair of data telephone and fiber optic lines until the dispute is resolved. Source: http://abclocal.go.com/kgo/story?section=news/local&id=6153583

• According to Bloomberg, a Norwegian workers strike has closed six more airports, bringing the total number to twelve and limiting access to oil drilling platforms off the coast. (See item 1)

• The Dayton Daily News reports that Georgia-based Latex Construction Co, a contractor on the 1,679-mile Rockies Express natural gas pipeline, is under federal investigation amid allegations by former project inspectors that crews failed to install required equipment designed to prevent breaches that could trigger explosions on the pipeline. (See item 15)

Information Technology

29. May 20, vnunet.com – (National) Mass website hacks here to stay. McAfee Security experts have warned that the recent rash of large-scale website attacks may not be a fleeting trend. A McAfee researcher believes that the attacks, which simultaneously target hundreds of thousands of web pages, could be a sign of things to come. The nature of the attacks makes them very hard to prevent, and simply removing the exploit code may not protect sites from further infection. His assessment follows several SQL injection attacks in recent months. The attackers are believed to have used automated scripts to run input-validation attacks on pages. The script embeds a small section of JavaScript on the compromised page. Users attempting to access the pages are silently routed to a third-party site run by the attacker. This page then attempts to execute a number of browser exploits in an effort to install malware. Source: http://www.vnunet.com/vnunet/news/2217001/mass-hacks-here-stay

30. May 20, Computerworld – (National) New attack trend pushes POS encryption to the fore. The relatively scant attention that retailers have paid to securing their point-of-sale systems over the past few years is making the POS setups increasingly attractive targets for cybercrooks who are looking to steal payment card data. Hoping to help merchants address that situation are a handful of vendors who have begun offering new products aimed at making POS environments a lot harder to crack. The biggest of those vendors is VeriFone Holdings Inc., which last month released a security tool designed to let merchants encrypt credit and debit card data from the moment a card is swiped at a merchant’s PIN entry device all the way to the systems of the company’s external payment processor. VeriFone’s VeriShield Protect software is based on patented technology from Semtek Innovative Solutions Corp., which makes appliances for securely decrypting data. VeriFone said that Semtek’s technology, called the Hidden Triple Data Encryption Standard, can be used to encrypt personal account numbers and the so-called Track 2 data stored on the magnetic stripe located on the back of payment cards. That information includes card numbers and their expiration dates. Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9086898&taxonomyId=17&intsrc=kc_top

31. May 20, IDG News Service – (National) XP SP3 hit by new networking bug. The latest service pack for Windows XP continues to cause problems for users. According to an online user forum, the latest glitch in Windows XP Service Pack 3 (SP3) is with the remote desktop access feature of Windows Home Server. Windows XP users running Windows Home Server, Microsoft’s home storage and local networking server, report that SP3 has been cutting off their access to the server from their PCs. The remote desktop access feature would ask users to add their home server’s website address in order to access it even after they already had, users reported. Source: http://www.techworld.com/opsys/news/index.cfm?newsID=101547&pagtype=all

Communications Sector

32. May 20, OneStopClick – (International) Smartphone use by businesses ‘increases security threat.’ The increasing use of smartphones by businesses is leading to higher security threats as handset theft grows, according to a survey by Airwide Solutions. Figures from the Home Office showed that 800,000 mobile phones were reported as stolen in the UK in 2006. Airwide Solutions has said that as information like bank details, PIN codes, passwords, and company and personal details are held on the smartphones, they present a significant security risk if lost. The company believes one way to combat this threat is to use software which locks and wipes data on the device if it is stolen. Source: http://www.onestopclick.com/news/Smartphone-use-by-businesses-’increases-security-threat’_18601254.html

About Me

U.S. Army Retired Chief Warrant Officer with more than 40 years in information technology and 35 years in information security. Became a Certified Information Systems Security Professional in 1995 and have taught computer security in Asia, Canada and the United States. Wrote a computer security column for 5 years in the 1980s titled "for the Sake Of Security", penname R. E. (Bob) Johnston, which was published in Computer Decisions.
Motto: "When entrusted to process, you are obligated to safeguard"